[Dnssec-trigger] dhclient-exit-hooks support
schnouki at schnouki.net
Tue Apr 15 07:15:51 UTC 2014
Le 15 avril 2014 à 04:07 CEST, Xavier Belanger <nlnetlabs at belanger.fr> a
>> Has anyone created /etc/dhclient-exit-hooks support for
>> dnssec-trigger? One of my desktops isn't using NetworkManager because
>> it is doing bridging, bonding, VLANs, and all sorts of other fancy
>> stuff via the Fedora network scripts that NetworkManager didn't
>> support until recently. I don't need VPN support, just a way to
>> inject DHCP provided DNS forwarders (and maybe domain as well).
> Sort of. Long time ago I have wrote a couple of scripts to use
> unbound and dnssec-trigger on Slackware (before NetworkManager get
> included in that distro).
> Here are the steps:
> - modify dhcpcd.conf to add the option 'resolv.conf' to the 'nohook'
> command. That way dhcpcd will not try to change /etc/resolv.conf.
> - add a dhcpcd hook script to send the DNS servers provided
> by the local DHCP server to Unbound or (especially during the system boot)
> store the DNS servers into a temporary file.
> - in the dnssec-trigger startup script look for the temporary
> file and load the DNS servers into the Unbound configuration.
> It's far from perfect or even reliable, not heavily tested, but it works.
> Files are here: http://www.ellendhel.net/fichiers/dnssec-slackware.zip
> The most useful to you should be '25-dnssec-trigger'.
> And there is a more detailled blog post, but in French:
> [ http://www.ellendhel.net/article.php?ref=2011+12+24-0 ]
> I don't have any experience with Fedora so you will probably need
> to adjust the files locations.
> Xavier Belanger
> dnssec-trigger mailing list
> dnssec-trigger at NLnetLabs.nl
If it can be of any use, I have a similar setup on Arch Linux. After
installing unbound and dnssec-trigger, I just added a hook in
/usr/lib/dhcpcd/dhcpcd-hooks, and changed the dnssec-triggerdd.service
file (for systemd).
This setup is described here:
Hope this helps.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 489 bytes
Desc: not available
More information about the dnssec-trigger